GDPR 1 Year On

A Year with GDPR – but what does it mean for you?

It’s exactly a year since the General Data Protection Regulation (GDPR) came into effect, so we thought we’d do a little recap on it for you all.

In years gone by there would always be random phone calls from unusual numbers, telling us we’d been in an accident in the last few years or that we were owed thousands in PPI, yet we could never fully work out exactly how they got our numbers! This is because up until 25th May 2018 the rules surrounding data sharing never fully protected the rights of the consumer and were easy for companies to work around, meaning your data could be sold to companies to use for marketing, hence those nuisance phone calls.

The introduction of GDPR last year massively changed this, and you’ll probably remember being bombarded with multiple emails and correspondence from organisations desperate for permission to hold your data. Though the e-mails may have seemed never-ending at the time, it’s reassuring to see such a massive change, and you can be safe in the knowledge that you are now covered by the world’s strongest data protection rules.

It’s obviously very important that we are all cautious about who we give our details to, and it is even more important that any information held on us is stored securely and treated confidentially. It is a legal requirement for anyone holding client data to adhere to GDPR, giving you the utmost protection.

So, what are your rights under GDPR?

Right to Be Informed – before and after data is collected, we have the right to know how it will be collected, processed and shared, and for what purpose.

Right to Correction – we have the right to have incomplete or incorrect data corrected.

Right to Be Forgotten – we have the right to have personal data permanently deleted.

Right to Restriction of Processing – we can block or suppress personal data being used.

Right to Data Portability – we can move, copy or transfer personal data from one company to another in a safe and secure way.

Right to Object to Processing – we can object to public authorities processing our data without consent and stop our personal data being used for direct marketing.

Right not to Be Subject to Automated Decision Making – we can demand human intervention rather than the computer saying No!

How has GDPR changed the way companies do business?

In the year since GDPR came into effect, the number of annually reported breaches has doubled. Organisations must now report data breaches to both those affected (you) and the appropriate regulator within 72 hours of the breach being discovered.

Companies must also ensure they have robust detection, investigation and reporting systems in place, meaning that many companies have had to implement new and more sophisticated IT systems. They also need to consider where data is stored, including cloud-based storage. Where systems were previously outdated, they may also have been less secure. With fraudsters and scam artists becoming more sophisticated, GDPR should give you the peace of mind that your data is safe.

If companies are not compliant, regulators can, under GDPR, impose a temporary or indefinite ban on their processing of client data, which could ultimately stop a company trading. There can also be a harsh financial penalty of up to €20 million or 4% of annual worldwide turnover, whichever is higher.

Since the new rules launched, Google has already been fined €50 million (though this is a mere drop in the ocean to them at only 0.04% of their annual turnover). The Google fine accounted for 90% of all fines imposed on companies since GDPR was introduced.

As mentioned above, anyone in the EU can ask that a company permanently delete all of the data it holds about them, which is known as “the right to be forgotten”. This only applies in certain circumstances, which can complicate matters, and how easily it can be honoured depends on the sophistication of the data systems each company has in place. A lot of companies have had no choice but to upgrade their IT systems and re-evaluate their policies and procedures.

Summary

GDPR has most certainly been the shake-up the UK has needed and has provided much-needed protection for consumers.

There is no doubt that the new rules are helping to protect us from unwanted contact, identity leaks and possible fraud; however, there still seems to be a way to go before the new rules will be fully effective.

If you have any questions regarding GDPR and what it means for you, or you’d like to know more about how we store your data, please give us a ring on 01294 539267.

Financial Services Scotland Ltd is an appointed representative of Personal Touch Financial Services Limited, which is authorised and regulated by the Financial Conduct Authority.

Financial Services Scotland Ltd is registered in Scotland, and is an appointed representative of Personal Touch Financial Services Limited, which is authorised and regulated by the Financial Conduct Authority. Company No. sc408291.
1 Glebe Street, Stevenston, Ayrshire KA20 3EN.